Microsoft has published a new book in the MSDN Library called "Improving Web Application Security: Threats and Countermeasures." It can be downloaded as PDF (919 p.) in a stupid selfinflating Zip archive, so it's really a .exe file. It's ironic, a security guide where you need to do something basically insecure (running an executable from some random website) to read it. Besides Info-ZIP unpacks it without a hitch, and exists in a version for Windows too.